I totally agree with you but if I need to perform testing on Authentication Web Services do you suggest any approach to perform unit /load testing as it is totally new field to me.
<GIFTS_PAYLOAD> <PARAMETERS> <ERROR> <ERROR_CODE><![CDATA[001]]></ERROR_CODE> <ERROR_LOCATION><![CDATA[Authentication Error]]></ERROR_LOCATION> <ERROR_MESSAGE><![CDATA[Authentication Failed. Unable to find the specified GUID in the SmartChange system. If the problem persists please contact the SmartChange administrator.]]></ERROR_MESSAGE> </ERROR> </PARAMETERS> </GIFTS_PAYLOAD>
Security testing: It can't tell in one word it's a big process and vary sever to server.
It depends on application you test. In my case we download data from one central database to a local database using webservice. In central database data is stored as per pariticular service area and it should be visible only to user of that particular service area and while connecting to central database through webservice we provide user name and password. So we test that when we log in to particular service area we should not be able to see and download data from other service area... This is what I do 1) Created data in both service area which can be downloaded 2) However login with 1 service area 2) Try to download data 3) Verify that only particular service areas data gets downloaded.. We do lot many things.. but it actaully depends on application.
